In recent years, devices for storing data (hereinafter referred to as a “target device”), such as memory cards, have been widely used in an expanding range of applications. A target device is used by a device (hereinafter referred to as a “host device”) which usually includes a slot into which the target device is inserted and which stores data in the inserted target device.
As one application, target devices handle data for which copyright protection is required, such as audio data. In such an application, a confidential information processing method is used for the purpose of protecting the copyright of, for example, audio data. In the confidential information processing method, data which requires copyright protection is encrypted and the encrypted data is stored in the target device. This processing prevents unauthorized copying of content such as copyrighted works and leakage of content to the outside.
A method for processing confidential information in order to protect copyright as mentioned above will be described below. In the confidential information processing method for protecting copyright, first of all, an authentication processing is carried out between the target device and the host device. Next, only when the authentication succeeds, the host device is allowed to obtain, from the target device, a content key (hereinafter referred to as “Kc”) which is a key for decrypting encrypted content. By obtaining the content key, the host device is allowed to use the encrypted content which is stored in the target device. With this structure, encrypted content is prevented from being decrypted by an unauthorized host device. Related art for such a confidential information processing method for protecting copyright includes Patent Reference 1.
Next, the processing in which the host device decrypts content using the Kc in the case where the authentication has succeeded will be described with reference to the drawings. FIG. 1 is a functional block diagram showing a structure of main parts of the host device which executes the confidential information processing method as mentioned above. Here, in FIG. 1, it is assumed that the authentication processing is properly completed and both the target device and the host device are confirmed to be authenticated devices.
FIG. 1 describes a case in which the target device 1301 is inserted into the host device 1300, and an encrypted content 1304, stored in a work area 1303 which is an area for work, is decrypted by a confidential information processing unit 1302 in order to use content 1305. The confidential information processing unit 1302 is provided in the host device 1300 and carries out encryption and decryption of confidential information, such as keys. It is noted that the confidential information processing unit described herein is mounted, as hardware, in a semiconductor integrated circuit for enhancing security.
In FIG. 1, an authentication key Ka0 (1307), which is a key generated by an authentication processing 1306, is shown as having been generated in order to explain the case where the authentication of the target device 1301 has succeeded, as described above. Here, the authentication key is a key which is generated in the confidential information processing unit 1302 only when the authentication has succeeded. It is calculated, in the authentication processing, based on an authentication host key, which is a key which the host device includes for authentication, and an authentication slave key, which is a key which the target device includes for authentication.
Also, a content key which is stored in the target device 1301 is obtained from the target device 1301 when decrypting content. Note that the Kc is encrypted, for ensuring confidentiality, with the authentication key Ka0 and stored in the target device 1301. That means that only the host device which generated the Ka0 by the authentication processing is allowed to decrypt the encrypted Kc. Note that an encrypted key which is generated by encrypting Kc with Ka0 is indicated as Enc (Kc, Ka0) hereafter (other encrypted keys are indicated in the same manner). Encrypted content which is encrypted with the Kc is stored in the target device 1301. That means that the host device which generated the Kc can decrypt the encrypted content by acquiring the encrypted content from the target device 1301.
A description will be given of the processing to be performed after the host device 1300, following the authentication processing, obtains the Enc (Kc, Ka0) 1308 stored in the target device and stores it in the work area 1303. It is assumed here that the encrypted content 1304 is also obtained from the target device 1301 after the authentication processing and is stored in the work area 1303. Note that the Enc (Kc, Ka0) and the encrypted content do not necessarily have to be stored temporarily in the work area 1303, but they may be inputted into the confidential information processing unit 1302 directly from the target device 1301.
In decrypting content, the host device 1300 first inputs the Enc (Kc, Ka0) 1308 into the confidential information processing unit 1302 and then performs a decryption processing 1309 using the Ka0 (1307) which is generated by the authentication processing 1306. By doing this, a Kc 1310 which is a content key in a plain text form (referring to a non-encrypted form) is generated. Note that the generated Kc 1310 is kept in the confidential information processing unit 1302, and the host device 1300 is not allowed to obtain the value. Next, the host device 1300 inputs the encrypted content 1304 and performs a decryption processing 1311 using the Kc in the confidential information processing unit 1302. This allows the host device 1300 to obtain a decrypted content 1305 and the decryption processing for the content is completed. As described above, when decrypting content, the Kc is inputted into the confidential information processing unit as the Enc (Kc, Ka0), which is in an encrypted form, and the Kc in its non-encrypted form is stored in the confidential information processing unit. Consequently, the host device can decrypt content while ensuring the confidentiality of the Kc.
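The flow of FIG. 1 can be modelled in software as follows. This is an added example, not code from the patent or from Patent Reference 1; the Ka0 derivation, the SHA-256 keystream cipher (a stand-in with no integrity protection) and every class, function and parameter name are assumptions, since the text names no algorithms.

```python
import hashlib
import hmac

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption); the same call encrypts and decrypts."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def derive_ka0(host_key: bytes, slave_key: bytes) -> bytes:
    """Assumed derivation: the text only says Ka0 is computed from both keys."""
    return hmac.new(host_key, slave_key, hashlib.sha256).digest()

class ConfidentialInfoUnit:
    """Models unit 1302: Ka0 and Kc are held here and never returned."""
    def __init__(self, host_key: bytes):
        self._host_key = host_key
        self._ka0 = None
        self._kc = None

    def authenticate(self, slave_key: bytes) -> None:
        # Authentication processing 1306 (the exchange itself is abstracted away).
        self._ka0 = derive_ka0(self._host_key, slave_key)

    def load_content_key(self, enc_kc: bytes) -> None:
        # Decryption processing 1309: Enc(Kc, Ka0) -> Kc, kept internal.
        if self._ka0 is None:
            raise PermissionError("authentication has not succeeded")
        self._kc = _keystream_xor(self._ka0, enc_kc)

    def decrypt_content(self, enc_content: bytes) -> bytes:
        # Decryption processing 1311: only decrypted content leaves the unit.
        if self._kc is None:
            raise PermissionError("no content key loaded")
        return _keystream_xor(self._kc, enc_content)

def make_target(host_key, slave_key, kc, content):
    """Constructed target-device contents: (Enc(Kc, Ka0), encrypted content)."""
    ka0 = derive_ka0(host_key, slave_key)
    return _keystream_xor(ka0, kc), _keystream_xor(kc, content)

def play(host_key, slave_key, enc_kc, enc_content):
    """Host-side sequence: authenticate, load Enc(Kc, Ka0), decrypt content."""
    unit = ConfidentialInfoUnit(host_key)
    unit.authenticate(slave_key)
    unit.load_content_key(enc_kc)
    return unit.decrypt_content(enc_content)
```

A host holding a different authentication host key derives a different Ka0, recovers a wrong Kc inside the unit, and obtains only unusable output from the content decryption step.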
Patent Reference 1: Japanese Unexamined Patent Application Publication No. 2000-357126